
Best Practices for Unusual Emails

In this video, you will learn about best practices for ensuring secure email communication.
5.9
In this video, we’re going to go over some best practices for unusual emails. So first and foremost, chances are you’re probably getting a lot of unusual emails from time to time, things like phishing attacks, spear phishing attacks, scams, and whatnot. But the most important thing is, don’t panic. We’re going to get through this together. So the first thing we want to take a look at is the actual send-to from address. So in this example, I have a couple of different emails in here. So the first one in here we see, it’s from Bill Gates. And if you initially take a look at it, it says gatesbill@msn.com. However, we see this other addition to it. It says via srv62.main-hosting.eu, rather.
57
So what this means is, this is a redirect. So if you just take a quick look, you’ll see the gatesbill@msn.com. And for some people, they’ll just stop there. They’ll assume that, well, it’s from Microsoft and it’s from Bill Gates. But what it’s really doing is this web address here, this srv62.main-hosting.eu, this is the real email address it’s coming from. And the MSN address is the one it’s spoofing. So we need to be very careful about that. If we see anything that’s using a redirect, that should be a red flag right there. You should be very careful about the contents of that email. Now next up I have Microsoft licence expired. Now in this one here, it says Microsoft Support Team.
112.8
So in some phishing tests I’ve done, I actually use this one. And it worked pretty well. So the way this one works is, when you get the email that says Microsoft Support Team, and people tend to freak out, especially the way it’s crafted it says your licence expired, to contact us, get help in the app, contact support. And the bottom part there, the contact, Get Help app in Windows 10, that’s actually a real email from Microsoft. So I use part of a real Microsoft email to spoof that. Now, a lot of scammers will actually do the same tactic. They’ll actually use some of the real information there to actually make it look more legitimate.
160.6
But in here, what we want to do is we want to look at this microsoft.s28@yahoo.com.
167.4
So this one I’m not even spoofing the email address. I actually just took the name Microsoft Support. And sometimes people stop there. They don’t look at where the real email’s coming from. Now you always want to check where the email’s coming from. You want to see what their source address is. In this case, it’s Yahoo.com. And you also want to see if it’s being a redirect. In this case, it’s the srv62. Now, Microsoft has their own email server. So they’re not going to use a Yahoo email address. So that should be a flag right there as to, you should never open that type of email or open any files in there. So this is another one.
210.8
This is a PayPal one. And it says, Reminder– your PayPal web on Microsoft Edge. Here’s your receipt. It’s trying to make me believe that I actually bought something. Now the problem with this one is, if we look up in here, it says it’s emailed to me and 89 other people. Now, if a company is going to email you about something specific for you, something like, well, hey, you bought something, here’s your receipt, they’re not going to put anyone else on the email, especially 89 other people. So that should be a flag right there that this is not a legitimate email.
248.6
And if I go in here, I take a look at the web address, I’ll be able to tell, then, well, it’s not a PayPal email either. So you want to take a look at that, too. Again, if a company is going to email you, it’s going to be directly to you. They’re not going to put other email addresses on there.
266.6
So let’s take a look at this one. So this, I have here a totally legitimate link. So it looks like it says Google.com. And if we look down in the corner here, right down in here, we can see it actually goes through www.hack-my-computer.com. Now firstly, don’t go to that URL. I have no idea where that goes. That was only for demonstration purposes. So this is called a link cover. So what I’m doing here is, if someone sends you a link, don’t click on the link. You could simply hover over the link and look down in the corner and see where it’s actually going. That way, you can see if it’s safe or not. In this case, it’s not safe.
308
Even though it looks like it’s going to www.google.com, it’s really going to www.hack-my-computer.com. Again, don’t go there, demonstration. But again, it shows you that this is why you don’t click on the link. Even if you’re reading the URL, that’s not necessarily where it’s going to. So again, just hover over the link, look in the corner, and you can see where it’s going. Another tactic you do is you right-click and copy and paste it into Notepad, or any other editor, and see where that link goes.


Here are some tips to take forward:

  • check the sender’s email address – does it make sense?
  • verify email communication with the sender – you can call them or send a new email directly to them
  • if a link is attached, hover over the link to see where it wants to take you but do not select it
  • try not to panic – take some time to think about how you can address the communication effectively and safely
  • call the company who has contacted you or the IT department
  • report the incident to a company fraud department
  • place these emails in your spam folder
This article is from the free online

Cyber Security Foundations: Why Cyber Security is Important

Created by
FutureLearn - Learning For Life